From: Stephan Müller
To: PrasannaKumar Muralidharan
Cc: Krzysztof Kozlowski, Kukjin Kim, Javier Martinez Canillas, Matt Mackall, Herbert Xu, "David S. Miller", linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-samsung-soc@vger.kernel.org, linux-crypto@vger.kernel.org, Bartlomiej Zolnierkiewicz, Arnd Bergmann, Olof Johansson
Subject: Re: [PATCH v3 1/3] crypto: hw_random - Add new Exynos RNG driver
Date: Mon, 27 Mar 2017 15:53:03 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

On Monday, 27 March 2017, 06:23:11 CEST, PrasannaKumar Muralidharan wrote:

Hi PrasannaKumar,

> > Oh my, if you are right with your first guess, this is a bad DRNG design.
> >
> > Just out of curiosity: what happens if a caller invokes the seed function
> > twice or more times (each time with the sufficient amount of bits)? What
> > is your guess here?
>
> Should the second seed use the random data generated by the device?

A DRNG should be capable of processing an arbitrary amount of seed data. It may be the case that the seed data must be processed in chunks though.

That said, it may be the case that after injecting one chunk of seed the currently discussed RNG simply needs to generate a random number to process the input data before another seed can be added. But that is pure speculation.

But I guess that can be easily tested: inject a known seed into the DRNG, generate a random number, inject the same seed again and again generate a random number. If both are identical (which I do not hope), then the internal state is simply overwritten (strange DRNG design).

A similar test can be made to see whether a larger set of seed simply overwrites the state or is really processed.

1. seed

2. generate random data

3. reset

4. seed with another seed

5. generate random data

6. reset

7. seed with same data from 1

8. seed with same data from 2

9. generate random data

If data from 9 is identical to 2, then additional seed data is discarded -> bad design.

If data from 9 is identical to 5, then the additional data overwrites the initial data -> bad DRNG design.

If data from 9 matches neither 2 nor 5, then all seed is taken -> good design.

Ciao
Stephan
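
The nine-step check described in the message above, as an added sketch that is not part of the original email or of the Exynos driver. `ToyDRNG` is a hypothetical software model with three seeding policies, and the seed injected in step 8 is assumed to be the second seed from step 4, so that the comparison with step 5 is meaningful.

```python
import hashlib


def H(*parts):
    return hashlib.sha256(b"|".join(parts)).digest()


class ToyDRNG:
    """Software model only (assumption); not the Exynos hardware or its driver."""

    def __init__(self, policy):
        self.policy = policy  # "discard", "overwrite" or "mix"
        self.reset()

    def reset(self):
        self.state, self.seeded = b"\x00" * 32, False

    def seed(self, data):
        if self.policy == "overwrite":
            self.state = H(data)              # state replaced by the latest seed
        elif self.policy == "mix":
            self.state = H(self.state, data)  # every seed is folded into the state
        elif not self.seeded:
            self.state = H(data)              # "discard": only the first seed counts
        self.seeded = True

    def generate(self):
        out = H(self.state, b"out")
        self.state = H(self.state, b"next")   # advance the state after each output
        return out


def classify(rng, seed_a, seed_b):
    """Run the nine steps against rng and return the verdict for its design."""
    rng.seed(seed_a)                          # step 1
    r2 = rng.generate()                       # step 2
    rng.reset()                               # step 3
    rng.seed(seed_b)                          # step 4
    r5 = rng.generate()                       # step 5
    rng.reset()                               # step 6
    rng.seed(seed_a)                          # step 7
    rng.seed(seed_b)                          # step 8 (assumed: seed from step 4)
    r9 = rng.generate()                       # step 9
    if r9 == r2:
        return "additional seed discarded"
    if r9 == r5:
        return "additional seed overwrites state"
    return "all seed data taken"


SEED_A, SEED_B = b"A" * 32, b"B" * 32         # constructed sample seeds
```

The comparison only works if the generator is deterministic after a reset and a known seed; a device that mixes in its own entropy would always report "all seed data taken".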